From 4fff78541bfda40971e762e3945ede08163f0504 Mon Sep 17 00:00:00 2001
From: jebus <lorsbach@envipath.com>
Date: Sat, 19 Jul 2025 06:42:50 +1200
Subject: [PATCH] Implement Admin approval (#29)

This PR fixes #7

Co-authored-by: Tim Lorsbach <tim@lorsba.ch>
Reviewed-on: https://git.envipath.com/enviPath/enviPy/pulls/29
---
 envipath/settings.py                  |  4 +++-
 epdb/logic.py                         | 11 ++++++++---
 epdb/management/commands/bootstrap.py |  6 +++---
 epdb/views.py                         |  9 +++++++--
 4 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/envipath/settings.py b/envipath/settings.py
index 1f430335..ebdd3622 100644
--- a/envipath/settings.py
+++ b/envipath/settings.py
@@ -140,6 +140,7 @@ EMAIL_HOST_PASSWORD = os.environ['EMAIL_HOST_PASSWORD']
 EMAIL_PORT = 587
 
 AUTH_USER_MODEL = "epdb.User"
+ADMIN_APPROVAL_REQUIRED = os.environ.get('ADMIN_APPROVAL_REQUIRED', 'False') == 'True'
 
 # # SESAME
 # SESAME_MAX_AGE = 300
@@ -236,8 +237,9 @@ LOGGING = {
 ENVIFORMER_PRESENT = os.environ.get('ENVIFORMER_PRESENT', 'False') == 'True'
 if ENVIFORMER_PRESENT:
     print("Loading enviFormer")
+    device = os.environ.get('ENVIFORMER_DEVICE', 'cpu')
     from enviformer import load
-    ENVIFORMER_INSTANCE = load()
+    ENVIFORMER_INSTANCE = load(device=device)
     print("loaded")
 
 
diff --git a/epdb/logic.py b/epdb/logic.py
index 978eb754..07bdb9f6 100644
--- a/epdb/logic.py
+++ b/epdb/logic.py
@@ -4,6 +4,7 @@ from typing import Union, List, Optional, Set, Dict
 
 from django.contrib.auth import get_user_model
 from django.db import transaction
+from django.conf import settings as s
 
 from epdb.models import User, Package, UserPackagePermission, GroupPackagePermission, Permission, Group, Setting, \
     EPModel, UserSettingPermission, Rule, Pathway, Node, Edge
@@ -12,11 +13,15 @@ logger = logging.getLogger(__name__)
 
 class UserManager(object):
     @staticmethod
-    def create_user(username, email, password):
+    def create_user(username, email, password, *args, **kwargs):
         # avoid circular import :S
         from .tasks import send_registration_mail
-        # TODO flip to False
-        u = get_user_model().objects.create_user(username, email, password, is_active=True)
+
+        is_active = not s.ADMIN_APPROVAL_REQUIRED
+        if 'is_active' in kwargs:
+            is_active = kwargs['is_active']
+
+        u = get_user_model().objects.create_user(username, email, password, is_active=is_active)
 
         # Create package
         package_name = f"{u.username}{'’' if u.username[-1] in 'sxzß' else 's'} Package"
diff --git a/epdb/management/commands/bootstrap.py b/epdb/management/commands/bootstrap.py
index 50907fd2..5f3714ad 100644
--- a/epdb/management/commands/bootstrap.py
+++ b/epdb/management/commands/bootstrap.py
@@ -13,12 +13,12 @@ class Command(BaseCommand):
     def create_users(self):
 
         if not User.objects.filter(email='anon@lorsba.ch').exists():
-            anon = UserManager.create_user("anonymous", "anon@lorsba.ch", "SuperSafe")
+            anon = UserManager.create_user("anonymous", "anon@lorsba.ch", "SuperSafe", is_active=True)
         else:
             anon = User.objects.get(email='anon@lorsba.ch')
 
         if not User.objects.filter(email='admin@lorsba.ch').exists():
-            admin = UserManager.create_user("admin", "admin@lorsba.ch", "SuperSafe",)
+            admin = UserManager.create_user("admin", "admin@lorsba.ch", "SuperSafe", is_active=True)
             admin.is_staff = True
             admin.is_superuser = True
             admin.save()
@@ -36,7 +36,7 @@ class Command(BaseCommand):
         admin.save()
 
         if not User.objects.filter(email='jebus@lorsba.ch').exists():
-            jebus = UserManager.create_user("jebus", "jebus@lorsba.ch", "SuperSafe",)
+            jebus = UserManager.create_user("jebus", "jebus@lorsba.ch", "SuperSafe", is_active=True)
             jebus.is_staff = True
             jebus.is_superuser = True
             jebus.save()
diff --git a/epdb/views.py b/epdb/views.py
index b94eef6a..ed1eae99 100644
--- a/epdb/views.py
+++ b/epdb/views.py
@@ -1176,9 +1176,14 @@ def users(request):
             username = request.POST.get('username')
             password = request.POST.get('password')
 
-            # Get email for username
+            # Get email for username and check if account is active
             try:
-                email = get_user_model().objects.get(username=username).email
+                temp_user = get_user_model().objects.get(username=username)
+
+                if not temp_user.is_active:
+                    return render(request, 'errors/user_account_inactive.html', status=403)
+
+                email = temp_user.email
             except get_user_model().DoesNotExists:
                 return HttpResponseBadRequest()